We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

linux router question

bennybutler
bennybutler asked
on
Medium Priority
331 Views
Last Modified: 2012-05-07
I have two networks, 192.168.1 and 192.168.2.

Between them sits a linux box, running iptables.  Actually it's a snapgear 530, but that shouldn't matter, it's just an embedded linux.

I want people on the two networks to be able to access machines on the other, but I don't know how to tell it to do this.
I don't want NAT, FULL access to everything... I'll then restrict stuff with IPTABLES.

I'm just not sure how to tell it to do this?

I do know I need to put a route command on my firewall to tell machines to back up and try the other router.
Thanks
Comment
Watch Question

Commented:
It is not just a matter of routing.  You need to configure the SnapGear with a second IP address so that it is "on" both network segments.

If the firewall is also providing access to the Internet through the untrust interface ("internet" on a SnapGear), you can set up a second IP address on the LAN interface.  Do this in Advanced IP Configuration from the IP Configuration screen.  You will also need to set up appropriate rules to allow traffic to pass between the two segments.

If the firewall is strictly being used for routing between the segments, you will probably already have the IP addresses set up for the two segments on your LAN and Internet ports.  From here it is a matter of configuring the rules / port forwarding to allow traffic to pass as you want it to.

Commented:
P.S.  If the firewall is for routing (e.g. one segment on LAN and one on Internet), you would turn off NAT in the Advanced IP Configuration screen as well.

Author

Commented:
Here's where I'm at.
Router is on both networks, 192.168.1.14/192.168.2.14
Gateway on 192.168.1.1 tells all machines to use 2.14 to get to 192.168.2 network.

It works great, any machine on 1 can get to any machine on 2.

Problem is, snapgear wants to play firewall, so anything on 2 wants to be NAT'd to get to 1.  I don't want or need NAT, I just want it to treat the 'internet' interface the same as it does the 'wan' interface.

Author

Commented:
maybe I need to create a reverse of this:

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
   12   720 EstabRelFwd  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
    6   360 LanFwd     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          
    0     0 WanFwd     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0          
    0     0 DefDeny    all  --  *      *       0.0.0.0/0            0.0.0.0/
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.